Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Cross site scripting xss attack lab elgg

20/03/2021 Client: saad24vbs Deadline: 3 days

Cross-site scripting (XSS) Attacks

Cross-site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to inject malicious code (e.g. JavaScript programs) into victim’s web browser.

Using this malicious code, the attackers can steal the victim’s credentials, such as cookies. The access control policies (i.e., the same origin policy) employed by the browser to protect those credentials can be bypassed by exploiting the XSS vulnerability. Vulnerabilities of this kind can potentially lead to large-scale attacks.

To demonstrate what attackers can do by exploiting XSS vulnerabilities, we have set up a web application named Elgg in our pre-built Ubuntu VM image. Elgg is an open-source web application for social networking, and it has implemented a number of countermeasures to remedy the XSS threat. To demonstrate how XSS attacks work, we have commented out these countermeasures in Elgg in our installation, intentionally making Elgg vulnerable to XSS attacks. Without the countermeasures, users can post any arbitrary message, including JavaScript programs, to the user profiles. In this lab, students need to exploit this vulnerability to launch an XSS attack on the modified Elgg, in a way that is similar to what Samy Kamkar did to MySpace in 2005 through the notorious Samy worm. The ultimate goal of this attack is to spread an XSS worm among the users, such that whoever views an infected user profile will be infected, and whoever is infected will add you (i.e., the attacker) to his/her friend list.

Environment setup for the problem:

For this problem, we will assume that you have set up the Ubuntu virtual machine environment based on the instructions in the Syllabus under “Special Software Installation Requirements”.

We will need the following:

· Firefox web browser

· Apache web server

· Elgg web application

For the Firefox browser, we need to use the LiveHTTPHeaders extension for Firefox to inspect the HTTP requests and responses (available under the “Tools” menu in Firefox). The pre-built Ubuntu VM image provided to you has already installed the Firefox web browser with the required extension.

The Apache web server is also included in the pre-built Ubuntu image. However, the web server is not started by default. You have to first start the web server using one of the following two commands:

% sudo apache2ctl start

or

% sudo service apache2 start

The Elgg web application is already set up in the pre-built Ubuntu VM image. We have also created several user accounts on the Elgg server and the credentials are given below (username, password):

admin, seedelgg

alice, seedalice

boby, seedboby

charlie, seedcharlie

samy, seedsamy

You can access the Elgg server using the following URL (the Apache server needs to be started first):

http://www.xsslabelgg.com

(this URL is only accessible from inside of the virtual machine, because we have modified the /etc/hosts file to map the domain name (www.xsslabelgg.com) to the virtual machine’s local IP address 127.0.0.1).

Once you log in as a user in Elgg, you can access your Profile and list of Friends by clicking on icons in the upper left part of the browser window.

Note: Some of the project tasks require some basic familiarity with JavaScript. Wherever necessary, we provide a sample JavaScript program to help you get started.

i. Posting a Malicious Message to Display an Alert Window

The objective of this task is to embed a JavaScript program in your Elgg profile, such that when another user views your profile, the JavaScript program will be executed and an alert window will be displayed. The following JavaScript program will display an alert window:

If you embed the above JavaScript code in your Profile (e.g. in the brief description field), then any user

who views your profile will see the alert window.

What you need to do:

1. Login as user Alice and change the "Brief description" field in your Profile such that an alert window which has the following text will open:

XSS attack by

2. Logout and login as user Boby, and then select user Alice from "More => Members" in the Elgg menu.

3. Include in your project document a screen printout with this alert window.

ii. Posting a Malicious Message to Display Cookies

The objective of this task is to embed a JavaScript program in your Elgg profile, such that when another

user views your profile, the user’s cookies will be displayed in the alert window. This can be done by adding

some additional code to the JavaScript program in the previous task:

Hello Everybody,

Welcome to this message board.

When a user views this message post, he/she will see a pop-up message box that displays the cookies of the user.

What you need to do:

1. Login as user Alice and change the "Brief description" field in your Profile such that an alert window which contains the user’s cookies will open.

2. Logout and login as user Charlie, and then select user Alice from "More => Members" in the Elgg menu.

3. Include in your project document a screen printout with this alert window.

iii. Stealing Cookies from the Victim’s Machine

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Engineering Guru
Finance Master
Calculation Master
Helping Hand
Essay Writing Help
Instant Homework Helper
Writer Writer Name Offer Chat
Engineering Guru

ONLINE

Engineering Guru

You can award me any time as I am ready to start your project curiously. Waiting for your positive response. Thank you!

$20 Chat With Writer
Finance Master

ONLINE

Finance Master

I will cover all the points which you have mentioned in your project details.

$70 Chat With Writer
Calculation Master

ONLINE

Calculation Master

Give me a chance, i will do this with my best efforts

$37 Chat With Writer
Helping Hand

ONLINE

Helping Hand

I have read your project details. I can do this within your deadline.

$171 Chat With Writer
Essay Writing Help

ONLINE

Essay Writing Help

Hello, I an ranked top 10 freelancers in academic and contents writing. I can write and updated your personal statement with great quality and free of plagiarism

$130 Chat With Writer
Instant Homework Helper

ONLINE

Instant Homework Helper

I have read your project details. I can do this within your deadline.

$143 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Problem 5 3a perpetual alternative cost flows lo p1 - Nursing homework - Reflection paper - Life is like a walking shadow - 13.25 as a mixed number - Cambridge english empower b1 answer - The book of nahum relates the destruction of edom - C3 and c4 grasses - Percentage change represents the relative change between the - How to write a biopsychosocial assessment - Theodore boone kid lawyer sparknotes - Finding childcare essay - Lustreseal general concrete sealer - How to write a purpose statement for research paper - Film review - What is the least common multiple of 4 and 5 - Herbivores in the sahara desert - Alt codes for french - Charles billingsley friday night lights - What is the plot of the three little pigs - Leadership as a vocation - Fastcat booking online - Discussion needed by 3pm Sat - Evolution of stock exchange - What do cork and onion cells have in common - Despicable me 3 124movies - Abnormal psychology discussion questions - Ruler reaction time test - Week 3 Discussion Creativity and Innovation - Discussion Question 1 - Sace stage 2 legal studies textbook - International computer driving license syllabus - How mr rabbit was too sharp for mr fox - Nurs 4455 financial management case study - Print network diagram ms project - The bad seed plot - What potential difference is needed to accelerate a - Bupa overseas student health cover claim form - How to get rg146 qualification - PICOT - Icd 10 code for insulin pump malfunction - What is a mesosystem in child development - Greg norman wife kirsten kutner - Walmart dataset csv - Discovering right and wrong 7th edition pdf - School vs education russell baker - Dhcp snooping rate limit - Cherry pink and apple blossom white musical ideas - St ives uniting church - Henry county community foundation - Problem 12 6 preparing a payroll register answers - Business continuity and disaster recovery plan - Equipotential lines for a dipole - 735 Wk 12 DQ 2 - Small Group Communication - Dr nick aspres liverpool - Stelrad radiator output chart - Another one bites the dust superbowl commercial - Why wouldn t a linear model work for a savings account - Assessment - Everybody sees the ants sparknotes - Tea tree oil on tampon for trich - Electrical single line diagram - Des Sonneries Gratuits pour Chaque Goût Téléchargez les Vôtres Sans Frais - Patient Scenario Short Paper - Tableau flights dataset - Irregular plural nouns mini lesson - Emotional intelligence includes all of the following except - Privilege power and difference chapter 1 - Growing copper sulfate crystals - How to ask about general symptoms on shadow health - Literacy Toolkit 1: Phonics and Word Recognition - Operations management simulation balancing process capacity challenge 2 - Elastic collision problems worksheet - Explore science working scientifically - Positioning services in competitive markets lovelock ppt - Boysen jensen experiment on phototropism - Computer security research assignment - The probability distribution for the number of goals the lions - Business intilligence - City west homes lisson green - Principles of management and organization - Lg hom bot square price in india - Magic tree house lions at lunchtime summary - Mackillop family services wollongong - Assessment 4 - ASSIGNMENT5 08042020 - Ikea harvard business case - Doing ethics 5th edition chapter 1 - Cy-p-11 - Balanced scorecard in healthcare organizations ppt - Ck 12 chemistry answer key - Thematic backpack plan - Butane gas cooker recall - Burger king assignment - Roman numerals rules pdf - Acute responses to exercise energy systems - Very merry linear inequalities review answer key - Expansion strategy and establishing a reorder point excel - Problem 4 6 financial accounting